package com.hqyj.realm;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
/*自定义过滤器：实现角色或的关系配置*/
public class MyFilter extends AuthorizationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        //1 获取当前登录shiro用户
        Subject subject = getSubject(servletRequest,servletResponse);
        //2 获取用户定义的角色参数或者权限参数
        String[] perms = (String[])o;
        //3 自定义角色判断逻辑
//        subject.hasRole();//判断角色
//        subject.isPermitted();//判断权限
        for(String p:perms){
            if (subject.hasRole(p)){
                System.out.println("用户用于角色参数" + p + "允许访问");
                return true;
            }
        }
        for (String p:perms){
            if (subject.isPermitted(p)){
                System.out.println("用户用于权限参数"+ p + "允许访问");
                return true;
            }
        }
        return false;
    }
}
